APAR status
Closed as program error.
Error description
When the the EncodingType attribute is included on the wsse:Nonce element in a SOAP Security header the following error may occur: 17.11.09 13:53:46:390 CET] 0000003f WSNonceManage E CWWSS0121E: The Nonce is null or of zero length. The Nonce is for "Number only used once" and is a randomly generated value. Following is an example of a Nonce element that will cause the error: <wsse:Nonce EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-mes sage- security-1.0#Base64Binary"> q+XSjt6vcCbtee75lMSkwQ==</wsse:Nonce>
Local fix
Problem summary
**************************************************************** * USERS AFFECTED: IBM WebSphere Application Server Feature * * Pack for Web Services users of * * WS-Security enabled JAX-WS applications * **************************************************************** * PROBLEM DESCRIPTION: CWWSS0121E error may occur when an * * EncodingType attribute is included on * * the wsse:Nonce element * **************************************************************** * RECOMMENDATION: Install a fixpack that contains this APAR. * **************************************************************** When the the EncodingType attribute is included on the wsse:Nonce element in the Security header of an inbound SOAP message, the following error may occur at the receiver of the message: 17.11.09 13:53:46:390 CET] 0000003f WSNonceManage E CWWSS0121E: The Nonce is null or of zero length. The Nonce is for "Number only used once" and is a randomly generated value. Following is an example of a Nonce element that will cause the error: <wsse:Nonce EncodingType=" http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-mes sage- security-1.0#Base64Binary"> q+XSjt6vcCbtee75lMSkwQ==</wsse:Nonce> The wsse namespace is http://schemas.xmlsoap.org/ws/2002/xx/secext
Problem conclusion
This problem occurs because the WS-Security runtime is not recognizing the value provided for the EncodingType attribute on the wsse:Nonce element. During runtime, the "http:" portion of the value is being improperly removed before being compared to the list of recognized values. The WS-Security runtime is updated to properly process the EncodingType attribute on the wsse:Nonce element. The fix for this APAR is currently targeted for inclusion in fix pack 6.1.0.31. Please refer to the Recommended Updates page for delivery information: http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
Temporary fix
Comments
APAR Information
APAR number
PM02722
Reported component name
WEBSERVIC FEATU
Reported component ID
5724J0850
Reported release
610
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-12-03
Closed date
2010-01-30
Last modified date
2010-01-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSERVIC FEATU
Fixed component ID
5724J0850
Applicable component levels
R610 PSY
UP
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Document Information
Modified date:
10 February 2022